Certificate type?



  • If I wanted to buy a "real" certificate for Captive Portal, at Verisign or Entrust, what kind of cert do I specify?  Is there a particular flavor that is mandated or preferred?

    Thanks.



  • I guess you need an SSL certificate.



  • An SSL certificate that is appropriate for your needs.  This depends entirely on how many domains you own, or how many different ways the box will be referenced.  In most reasonable networks a simple SSL certificate for your domain will be enough.



  • The problem is I'm not a cert/PKI expert by any means.  It won't be used by our employees really, but everybody else visiting our corporation.  The domain in that sense is actually irrelevant since it's a somewhat internal (but VLANed) network for visitor Internet access.  I just want it to ask the minimal amount of questions in their web browser before being directed to the HTTPS login site I create.  Right now the self-created one has been quite annoying to some of our visitors.



  • Try a free certificate from CACert.org, that should avoid the prompts for any vaguely modern browser.



  • @Cry:

    Try a free certificate from CACert.org, that should avoid the prompts for any vaguely modern browser.

    Considering that the CAcert.org community had an invalid security certificate, one unknown to the latest version of Firefox, when I just visited it, I doubt that.



  • The root certificate of CACert.org is not included in Firefox's built-in root certificates so it's not surprising at all that FF flags the certificate as invalid. You'll have to import their root certificate into FF (after double double checking that the certificate really is from them ;) ) before it starts to play nice with certificates issued by CACert.org.



  • @kpa:

    The root certificate of CACert.org is not included in Firefox's built-in root certificates so it's not surprising at all that FF flags the certificate as invalid. You'll have to import their root certificate into FF (after double double checking that the certificate really is from them ;) ) before it starts to play nice with certificates issued by CACert.org.

    Exactly.  I can do that with any other self-created cert too though (which is what I want to avoid in the first place).  So what makes them special?  Am I missing something?



  • I think some (distro specific maybe) builds may have had it included - I've certainly done a fresh install and had it work out of the box.  Unfortunately I've played with a lot of distros and package sources so I don't remember.

    Comodo (just checked and their root cert is built into Fx 3) does a 90-day free trial.  For cheap certificates a RapidSSL reseller is probably your way to go - you should be able to pick up a certificate for about $15/year.



  • @valnar:

    Exactly.  I can do that with any other self-created cert too though (which is what I want to avoid in the first place).  So what makes them special?  Am I missing something?

    No … you're not missing something. As you thought already, you have to buy an "official" SSL cert ... that will be the solution for your problem.

